Total
239 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5603 | 1 Jitsi | 1 Jitsi | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544. | |||||
CVE-2017-5589 | 1 Yaxim | 2 Bruno, Yaxim | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android). | |||||
CVE-2016-5168 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. | |||||
CVE-2017-5591 | 3 Poezio, Sleekxmpp Project, Slixmpp Project | 3 Poezio, Sleekxmpp, Slixmpp | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products. | |||||
CVE-2016-8358 | 1 Smiths-medical | 1 Cadd-solis Medication Safety Software | 2023-12-10 | 6.0 MEDIUM | 8.5 HIGH |
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints. | |||||
CVE-2017-5592 | 1 Profanity Project | 1 Profanity | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0). | |||||
CVE-2017-5604 | 1 Mcabber | 1 Mcabber | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4. | |||||
CVE-2017-5606 | 1 Xabber | 1 Xabber | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android). | |||||
CVE-2017-5605 | 1 Movim | 1 Movim | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10. | |||||
CVE-2017-5593 | 1 Psi-plus | 1 Psi\+ | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 - 0.16.571.627). | |||||
CVE-2017-5602 | 1 Jappix Project | 1 Jappix | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6. | |||||
CVE-2014-1502 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. | |||||
CVE-2011-3072 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | N/A |
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows. | |||||
CVE-2012-4193 | 4 Canonical, Mozilla, Redhat and 1 more | 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | |||||
CVE-2011-3056 | 3 Apple, Google, Opensuse | 4 Iphone Os, Safari, Chrome and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." | |||||
CVE-2011-3067 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2023-12-10 | 6.8 MEDIUM | N/A |
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. | |||||
CVE-2011-3956 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | N/A |
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. | |||||
CVE-2011-2856 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
CVE-2009-1185 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2023-12-10 | 7.2 HIGH | N/A |
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. |